PT-2007-2674 · Blender · Kmz Importwithmesh.Py Script+1

Published

2007-03-03

Updated

2017-07-29

CVE-2007-1253

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Blender versions prior to 2.43 kmz ImportWithMesh.py Script for Blender version 0.1.9h

Description The issue allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted KML or KMZ file. This is related to an eval injection vulnerability in the kmz ImportWithMesh.py Script for Blender.

Recommendations For Blender versions prior to 2.43, update to version 2.43 or later to resolve the issue. For kmz ImportWithMesh.py Script for Blender version 0.1.9h, consider disabling the script until a patched version is available.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2007-1253

Affected Products

Blender

Kmz Importwithmesh.Py Script

PT-2007-2674 · Blender · Kmz Importwithmesh.Py Script+1

CVE-2007-1253

Weakness Enumeration

Related Identifiers

Affected Products

References · 15